REGULAR
THE COSTS OF CYBER-CRIME
James Shaw, of insurance broker Darwin Clayton, takes a look at what the cost of being a victim of cyber-crime really is and why you need to take steps to protect your business.
Cyber-crime never seemed far from the headlines in 2015, with many high profile attacks on household names, such as TalkTalk and Carphone Warehouse – or ones that became household names, like dating site, Ashley Madison. The threat has continued to increase this year and SMEs in the cleaning industry are at risk of a data breach.
When you look into the impacts of data breaches on small businesses, it reveals some alarming figures:
• It is believed that in 2014, nearly three quarters of small businesses in the UK had some form of security breach.
• The 2015 Information Security Breaches Survey showed that the cost of the average breach to small businesses was £75,000.
• The Ponemon Institute annual ‘Cost of Data Breach Study: Global Analysis’ found that the average consolidated total cost of a data breach in the UK has increased by 7% since 2013 to £2.37million.
• The Institute study also found that the average cost incurred for each lost or stolen record increased from £95 to £104.
Those sorts of figures will have a big impact on anyone’s bottom line if they fall victim to an attack.
IDENTIFYING THREATS It’s easy to think of cyber-crimes being perpetrated by faceless ‘hackers’, but a disgruntled staff member can also do significant damage, so you need to consider internal processes when looking to protect your business. A Morrison’s employee was jailed for eight years after releasing payroll
28 | Tomorrow’s Cleaning May 2016
data. For nearly 100,000 staff to newspapers and file sharing websites. The supermarket chain says it cost more than £2m to put right the effects of the breach. They also faced legal action from a number of the affected employees.
SPECIFIC COSTS There are a number of specific costs your business could incur following a data breach:
1. Breach costs – the costs incurred after the discovery of a data breach (electronic or otherwise) can be considerable. They include: forensic investigations, legal advice, notifying customers/regulators and offering support, such as credit monitoring, to affected individuals.
2. Business interruption following a cyber loss – a company can lose income if they suffer an attack and it prevents the business from earning revenue.
3. Crisis containment – it is vital to communicate quickly and confidently in order to minimise reputational damage – businesses incur costs for employing a PR company or consultant to carry out this work or in terms of time for their internal staff.
4. Cyber-crime – the theft of money, property or digital assets resulting in direct financial loss following an external hack into your company computer system.
5. Cyber-extortion – threats to lock you out of your systems or ransom demands to let you back in.
6. Hacker damage – the costs to repair, restore or replace any damage to your website, programmes or electronic data.
7. Telephone hacking – hackers can make unauthorised telephone calls after breaching computer networks. This includes traditional fixed-line systems as well as online tools (Skype, VoIP etc).
8. Privacy protection – costs to defend and settle claims made for failing to keep personal data secure, including investigations and civil penalties levied by regulators.
9. Media liability – accidental infringement of Intellectual Property rights or inadvertent libel in an email or electronic communication.
REPUTATIONAL RISK Alongside the financial costs, the reputational damage that can ensue following a data breach can be seriously detrimental. Information Commissioner’s Office (ICO) research published in 2015 found that 77% of people are already concerned about organisations not keeping their personal details secure; to keep your customers happy it’s important you ensure their fears aren’t valid.
WHAT SHOULD YOU DO? I outlined a number of steps in my last Tomorrow’s Cleaning column (March 2016), but a good start is the government website
www.cyberstreetwise.com/ cyberessentials. The resources include a threat assessment, which I would recommend businesses take the time to carry out.
It’s also worth looking into a Cyber & Data Risks Insurance policy. The risks of cyber-crime are growing, so you should safeguard your business without delay.
www.darwinclayton.co.uk twitter.com/TomoCleaning
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76 |
Page 77 |
Page 78 |
Page 79 |
Page 80 |
Page 81 |
Page 82 |
Page 83 |
Page 84 |
Page 85 |
Page 86 |
Page 87 |
Page 88 |
Page 89 |
Page 90 |
Page 91 |
Page 92 |
Page 93 |
Page 94 |
Page 95 |
Page 96 |
Page 97 |
Page 98 |
Page 99 |
Page 100 |
Page 101 |
Page 102 |
Page 103 |
Page 104 |
Page 105 |
Page 106 |
Page 107 |
Page 108 |
Page 109 |
Page 110 |
Page 111 |
Page 112 |
Page 113 |
Page 114 |
Page 115 |
Page 116 |
Page 117 |
Page 118 |
Page 119 |
Page 120 |
Page 121 |
Page 122